package com.ruoyi.framework.security.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import com.alibaba.fastjson2.JSON;
import com.ruoyi.common.constant.HttpStatus;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.ProjectConstant;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.security.auth.JwtUtil;
import com.ruoyi.framework.security.auth.RequestContext;
import com.ruoyi.framework.web.service.TokenService;

/**
 * token过滤器 验证token有效性
 * 
 * @author ruoyi
 */
@Component
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
{
	@Autowired
	private TokenService tokenService;

	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
			throws ServletException, IOException
	{
		String url = request.getServletPath().toString();
		System.out.println("请求URL:"+url); 
		if(url.contains("api/v1/")) {
			if(ProjectConstant.TOKEN_URL_LIST.contains(url)) {
				int code = HttpStatus.UNAUTHORIZED;
				String msg = StringUtils.format("请求访问：{}，认证失败，无法访问系统资源", request.getRequestURI());
				String authHeader = request.getHeader("Authorization");
				if(StringUtils.isNotEmpty(authHeader)){
					boolean verity = JwtUtil.verity(authHeader);
					if(verity) {
						if(null == RequestContext.getThreadLocal().get()){
							RequestContext.init();
						}
						//验证通过
						RequestContext.set("userInfo", JwtUtil.getUserFromToken(authHeader));
						chain.doFilter(request, response);
					}else {
						code = 50010;
						msg = StringUtils.format("token失效");
						ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.error(code, msg)));
					}
				}else {
					//将结果打印返回到前端
					code = 50010;
					msg = StringUtils.format("请先登录");
					ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.error(code, msg)));
				}
			}else {
				if(null == RequestContext.getThreadLocal().get()){
					RequestContext.init();
				}
				String authHeader = request.getHeader("Authorization");
				if(StringUtils.isNotEmpty(authHeader)){
					RequestContext.set("userInfo", JwtUtil.getUserFromToken(authHeader));
				}
				chain.doFilter(request, response);
			}
		}else {
			System.out.println("token:"+request.getHeader("Authorization"));
			LoginUser loginUser = tokenService.getLoginUser(request);
			if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication()))
			{
				tokenService.verifyToken(loginUser);
				UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
				authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
				SecurityContextHolder.getContext().setAuthentication(authenticationToken);
			}
			chain.doFilter(request, response);
		}

	}
}
